Issue
I was trying to automate .dmg installation on MacOS 14.2.1 through a bash script The script does this:
After the .app is copied to /Applications, when I try to open it it displays “cannot be opened because the developer cannot be verified". However when I install it manually without a script it doesn't show this message. Important note: The application I was testing this on was Discord, so it's definitely signed and verified
This is the script
#/bin/sh
hdiutil attach ~/Downloads/Discord.dmg -quiet -nobrowse
cp -rf /Volumes/Discord/Discord.app /Applications
hdiutil detach /Volumes/Discord
One thing I noticed is that if I move the .app through the script (not manually) and try to verify its signature with codesign --verify /Applications/Discord.app It displays:
/Applications/Discord.app: bundle format is ambiguous (could be app or framework)
In subcomponent: /Applications/Discord.app/Contents/Frameworks/Electron Framework.framework
Solution
Try
rm -rf /Applications/Discord.app
cp -R /Volumes/Discord/Discord.app /Applications
From man cp:
Historic versions of the cp utility had a -r option. This implementation supports that option, however, its behavior is different from historical FreeBSD behavior. Use of this option is strongly discouraged as the behavior is implementation-dependent.
Answered By - Diego Torres Milano Answer Checked By - Mary Flores (WPSolving Volunteer)